There has been a lot of commotion in the tech-news about the #WannaCrypt / #WannaCry / #Wcry ransomware.
For example NYT made a nice map showing the outbreak around the globe. More detailed information can be found at Troy Hunt’s blog post.
The Critical Update Bulletin can be found at: https://technet.microsoft.com/library/security/MS17-010
MSRC even made Customer Guidance page.
Of course we need to keep our patches current. I just wanted to do a quick check on my systems where protected from the exploit yes or not? Just looking in the “View Installed updates” scanning for 4012212 can be an annoying Control panel task. The search on this page also isn’t much fun either because it will scan the entire system again and sometimes missing the result you’re looking for!
The problem for MS17-010: In the bulletin I could find KB-numbers for every OS needed. But what was missing are; the Rollups replacing the March Rollup(s) are not mentioned in the bulletin itself. If you have these, you’re good/patched either :-).
Microsoft does not show replacement information on the KB-page itself.
Using a SCCM Console we can find Supersedence information for example April rollup KB4015549 (first monthly successor).
The updates missing here might be caused by Supersedence Rules
And so the best place to look for this information would be the Microsoft Update Catalog
After searching, click on the update [title] to view details for KB4015549 and go to the ‘Package Details’ tab. Here we can find the needed replacement information (‘This update has been replaced by the following updates’). Click every replacing update until you end with ‘n/a‘.
To wrap up and quickly check on a few systems I’ve made a PoSh script checking it for the most common operating systems. Windows (server) 7/2008R2/2012/R2/2016.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<# .SYNOPSIS This is a simple Powershell to check for MS17-010 and other HotFixes/Updates also including this patch .DESCRIPTION The script can best be run from the PowerShell Integrated Scripting Environment .NOTES File Name : Search-for-Hotfix.ps1 Author : Ariën de Groot - ADG ICT Solutions Date : 15-5-2017 #> # How to check for MS17-010 and other Updates including this patch # KB4012212 KB4012215 KB4015549 KB4019264 - Windows Server 2008 R2 and Windows 7 for x64-based Systems # KB4012213 KB4012216 KB4015550 KB4019215 - Windows Server 2012 R2 # KB4013429 KB4019472 KB4015217 KB4015438 KB4016635 - Windows Server 2016 # List of all Updates containing the patch $hotfixes = "KB4012212","KB4012215","KB4015549","KB4019264","KB4012213","KB4012216","KB4015550","KB4019215","KB4013429","KB4019472","KB4015217","KB4015438","KB4016635" # Search for the Updates $hotfix = Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID" # See if the Update was found if ($hotfix) { Write-Host "Found Update(s):" $hotfix.HotFixID -ForegroundColor Green } else { Write-Host "Missing the Update" -ForegroundColor Red } |
It can also be changed and run remotely from a management system of course.